usnistgov/800-63-3

Profile of subscriber transactions

(Submitted by MITRE)

In 800-63C Section 9.1 paragraph 1:

"For example, a subscriber using the same IdP to authenticate to multiple RPs allows the IdP to build a profile of subscriber transactions that would not have existed absent federation." While subscriber privacy is important in the Internet world, insider threat is important within some organizations.

Suggest adding a phrase or sentence that privacy vs. insider threat detection may steer an organization one way or the other on tracking and profiling.